In the config/config.php file, add the code below at the very top, before anything else:
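<?php
// Login gate for the top of config/config.php. An unauthenticated request is
// shown the login form and the script exits; only a session that carries
// $_SESSION['authorized'] === true continues past this block.
// Syntax is kept PHP 5.3-compatible because the page targets installs that
// still need the password_compat library.
if (session_id() == '') {
    session_start();
}

// Keep error text out of the HTTP response without disabling error logging;
// error_reporting(0) would also hide failures of this gate from the server log.
ini_set('display_errors', '0');

if (isset($_GET['logout'])) {
    // Clear the session data and expire its cookie so the old id is not reused.
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }
    session_destroy();
    header('Location: dialog.php');
    exit();
}

if (!isset($_SESSION['authorized']) || $_SESSION['authorized'] !== true) {
    $loginFailed = false;

    if (isset($_POST['submit'])) {
        // Treat the attempt as failed until the password has been verified.
        $loginFailed = true;

        $email = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        // Fields posted as arrays (username[]=...) must not reach PDO or password_verify().
        if (is_string($email) && is_string($password) && $email !== '' && $password !== '') {
            // Placeholder credentials: replace them, and prefer loading them from a
            // file outside the web root rather than committing them with the code.
            $dbName = 'yourdbname';
            $uname = 'username';
            $pass = 'yourpass';

            $row = false;
            try {
                $db = new PDO("mysql:host=localhost;dbname=" . $dbName, $uname, $pass);
                // Look the hash up by e-mail only. A salted hash cannot be matched in
                // the WHERE clause, so the comparison is left to password_verify().
                $stmt = $db->prepare("SELECT password FROM users WHERE email=?");
                if ($stmt !== false) {
                    $stmt->bindValue(1, $email, PDO::PARAM_STR);
                    if ($stmt->execute()) {
                        $row = $stmt->fetch(PDO::FETCH_ASSOC);
                    }
                }
            } catch (PDOException $e) {
                // Log the message only; an uncaught exception trace would include
                // the connection arguments.
                error_log('Login database error: ' . $e->getMessage());
            }

            // password_verify() is native from PHP 5.5; older versions need
            // https://github.com/ircmaxell/password_compat
            if (!function_exists('password_verify')) {
                require_once 'passwordLib.php';
            }

            // fetch() returns false for an unknown e-mail, so check the row first.
            if (is_array($row) && isset($row['password']) && password_verify($password, $row['password'])) {
                // Issue a fresh session id on privilege change (session fixation).
                session_regenerate_id(true);
                $_SESSION['authorized'] = true;
                header('Location: dialog.php');
                exit();
            }
        }
        // NOTE(review): nothing here limits repeated failed attempts; add
        // throttling at the web server or in the application.
    }
?>
<?php if ($loginFailed) { ?><p>Invalid email or password.</p><?php } ?>
<form action='' method='post' autocomplete='off'>
<p>Email: <input type="text" name="username" value=""></p>
<p>Password: <input type="password" name="password" value=""></p>
<p><input type="submit" name="submit" value="Login"></p>
</form>
<?php
    // This branch always ends here, so code after it runs only for an
    // authorized session.
    exit;
}
?>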
and enclose all of the rfm code in the else part.